Users often communicate with each other over the Internet, and store network-based data, in an insecure manner. Insecure communications and data are acceptable for many purposes where the information communicated is of a non-sensitive nature.
However, there are many contexts in which the information communicated is actually or potentially sensitive, such as when communicating and storing confidential business details, conducting e-commerce, and the like. In such contexts, the communicating users should employ systems with cryptographic capabilities that can encrypt and decrypt the communicated information. This prevents intermediate parties such as active eavesdroppers, systems such as routers that make up the Internet architecture, and the systems storing data at remote locations, from being able to obtain the communicated information in its original plaintext form.
The cryptographic infrastructure needed to allow users to easily and transparently secure their communications can be complex. Delegation of cryptographic functionality entails a certain degree of trust in the infrastructure components that provide the functionality. Accordingly, a third-party organization providing the cryptographic functionality may be able to exploit this trust to obtain the original, unencrypted communications. Such a risk may not be acceptable to some users, e.g., when conducting highly sensitive communications.
More specifically, although information is communicated and stored in encrypted form, the mere fact of selecting among several encrypted items in a database may reveal sensitive information. The request which expresses such a selection must therefore be encrypted as well. While this protects against eavesdroppers on the network, the request itself cannot easily be hidden from the server responding to the query or update request: human operators of the cloud infrastructure could, for example, gain access to the server's internal memory where the request is decrypted and represented in unencrypted form, and/or to the new content that is to be stored in encrypted form in the cloud.
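The following is an added illustration of the leakage described above, not code from the patent: a cloud-side store holds only ciphertexts it cannot decrypt, yet the sequence of items it is asked to return is visible to whoever operates it. The stream cipher, the record contents and the access-log field are constructed for this example (the HMAC-based keystream stands in for a real cipher).

```python
import hashlib
import hmac
import os
from collections import Counter


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 keystream (placeholder for a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class EncryptedStore:
    """Cloud side: stores ciphertexts only, but records which item each request selects."""

    def __init__(self, key: bytes, records: list[str]):
        self.blobs = []
        for record in records:
            nonce = os.urandom(16)                      # fresh nonce per record
            self.blobs.append(nonce + keystream_xor(key, nonce, record.encode()))
        self.access_log: list[int] = []                 # visible to an honest-but-curious operator

    def fetch(self, index: int) -> bytes:
        self.access_log.append(index)                   # the selection itself is observed
        return self.blobs[index]


def client_query(key: bytes, store: EncryptedStore, index: int) -> str:
    """Client side: the only party holding the key; decrypts the returned blob."""
    blob = store.fetch(index)
    nonce, ciphertext = blob[:16], blob[16:]
    return keystream_xor(key, nonce, ciphertext).decode()


def operator_view(store: EncryptedStore) -> Counter:
    """What the server learns with no key at all: how often each stored item was selected."""
    return Counter(store.access_log)


def run_demo() -> tuple[list[str], Counter, bool]:
    key = os.urandom(32)
    records = ["bid: 1.2M for plant A", "bid: 0.4M for plant B", "memo: no bid"]  # constructed
    store = EncryptedStore(key, records)
    seen = [client_query(key, store, i) for i in (0, 0, 2, 0, 0)]
    plaintext_exposed = any(b"bid" in blob for blob in store.blobs)
    return seen, operator_view(store), plaintext_exposed
```

The decrypted results round-trip correctly and no plaintext appears in the stored blobs, yet the operator's view shows item 0 being selected four times, which is exactly the selection pattern the text says must itself be protected.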
The figures depict various embodiments of the present invention for purposes of illustration only. One skilled in the art will readily recognize from the following description that other alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the invention described herein.